tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Felix Schumacher <>
Subject Re: Mapping security role outside of servlet specification
Date Tue, 11 Jun 2013 17:42:54 GMT
Am 05.06.2013 13:42, schrieb Ilya Kazakevich:
> Hello,
> I use "probe" app for several tomcats.
> It's security model is based on servlet API security: security roles and
> constraints are provided in web.xml and mapped for each servlet it has.
> I use JNDIRealm to authenticate users via LDAP (actually AD is used).
> I want to grant access to Probe on "Tomcat1' installation for people from
> "Group1"  and to "Tomcat2" to people from "Group2".
> But "manager" group is hard-coded in web.xml inside of probe!
> I want to map group "Group1" from LDAP realm to role "manager" in tomcat.
> How can I do that?
> I can't use "security-role-ref" because I should put in <servlet> tag, so I
> can't
> do that on tomcat level.
> There is " security-role-mapping" tag in some servers but  it is proprietary
> and not supported by tomcat.
> So the only way for me to extract .war file and patch web.xml.
That is the way, we do it at work. For probe, that is.

For other applications we are using different Attributes in the ldap 
group objects to map to different names for the role.

> What is the best way to solve it?
> Ilya.
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message